Vulnerabilities (CVE)

Filtered by CWE-125
Total 6166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5360 2 Graphicsmagick, Libtiff 2 Graphicsmagick, Libtiff 2019-04-22 6.8 MEDIUM 8.8 HIGH
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVE-2019-2037 1 Google 1 Android 2019-04-22 5.0 MEDIUM 7.5 HIGH
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119870451.
CVE-2019-2038 1 Google 1 Android 2019-04-22 4.3 MEDIUM 5.5 MEDIUM
In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121259048.
CVE-2019-2039 1 Google 1 Android 2019-04-22 4.7 MEDIUM 5.0 MEDIUM
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121260197.
CVE-2019-2040 1 Google 1 Android 2019-04-22 4.7 MEDIUM 5.0 MEDIUM
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122316913.
CVE-2018-17294 3 Canonical, Liblouis, Opensuse 3 Ubuntu Linux, Liblouis, Leap 2019-04-18 4.3 MEDIUM 6.5 MEDIUM
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
CVE-2018-11897 1 Google 1 Android 2019-04-18 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit.
CVE-2019-5520 1 Vmware 3 Esxi, Fusion, Workstation 2019-04-17 4.3 MEDIUM 5.9 MEDIUM
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVE-2017-14607 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2019-04-17 5.8 MEDIUM 8.1 HIGH
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2019-5516 1 Vmware 3 Esxi, Fusion, Workstation 2019-04-16 5.8 MEDIUM 6.8 MEDIUM
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVE-2019-5517 1 Vmware 3 Esxi, Fusion, Workstation 2019-04-16 5.8 MEDIUM 6.8 MEDIUM
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVE-2017-7771 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 5.8 MEDIUM 8.1 HIGH
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7776 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 5.8 MEDIUM 8.1 HIGH
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2017-7774 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 6.4 MEDIUM 9.1 CRITICAL
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2016-7449 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 5.0 MEDIUM 7.5 HIGH
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVE-2016-9918 1 Bluez Project 1 Bluez 2019-04-12 5.0 MEDIUM 7.5 HIGH
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2018-10243 1 Oisf 1 Libhtp 2019-04-08 7.5 HIGH 9.8 CRITICAL
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
CVE-2018-4371 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-04-08 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
CVE-2018-4434 1 Apple 1 Mac Os X 2019-04-05 6.6 MEDIUM 7.1 HIGH
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4282 1 Apple 3 Iphone Os, Tvos, Watchos 2019-04-04 4.9 MEDIUM 5.5 MEDIUM
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.